(a) In this subtitle the following words have the meanings indicated. (b) “Encryption” means the protection of data in electronic or optical form, in storage or in transit, using a technology that: (1) is certified to meet or exceed the level that has been adopted by the Federal Information Processing Standards issued by the National Institute of Standards […]
(a) This subtitle does not apply to personal information that: (1) is publicly available information that is lawfully made available to the general public from federal, State, or local government records; (2) an individual has consented to have publicly disseminated or listed; (3) except for a medical record that a person is prohibited from redisclosing under § 4–302(d) of […]
When a unit is destroying records of an individual that contain personal information of the individual, the unit shall take reasonable steps to protect against unauthorized access to or use of the personal information, taking into account: (1) the sensitivity of the records; (2) the nature of the unit and its operations; (3) the costs and benefits of […]
(a) To protect personal information from unauthorized access, use, modification, or disclosure, a unit that collects personal information of an individual shall implement and maintain reasonable security procedures and practices that are appropriate to the nature of the personal information collected and the nature of the unit and its operations. (b) (1) This subsection shall apply to a […]
(a) (1) In this section, “breach of the security of a system” means the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the personal information maintained by a unit. (2) “Breach of the security of a system” does not include the good faith acquisition of personal information by an employee or agent of […]
The provisions of this subtitle are exclusive and shall preempt any provision of local law.
(a) If a unit is required under § 10–1305 of this subtitle to give notice of a breach of the security of a system to 1,000 or more individuals, the unit also shall notify, without unreasonable delay, each consumer reporting agency that compiles and maintains files on consumers on a nationwide basis, as defined by 15 […]
A unit or nonaffiliated third party that complies with § 501(b) of the federal Gramm–Leach–Bliley Act; 15 U.S.C. § 6801, § 216 of the federal Fair and Accurate Credit Transactions Act; 15 U.S.C. § 1681w Disposal of Records; the federal Interagency Guidelines Establishing Information Security Standards; and the federal Interagency Guidance on Response Programs for […]
